-
Notifications
You must be signed in to change notification settings - Fork 232
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Key Rotation #31
Comments
Disclaimer: the comments below are from a quick read, i haven't thought it through in detail. I still need to review how TUF works exactly.
I agree we need to find the right way to do key {storage, derivation, rotation, etc}. But this is a much larger thing than signing records, because it impacts how keys are stored, what keys are stored online vs offline, agents, and so on. |
|
In any case, really good to get the discussion started. what we should do is gather a bibliography, and multiple other people who can help design the right support for the various schemes. |
After learning how a private key can be cracked through plain text + signature sampling (see: #24 (comment)), I've been searching to understand what are other implications and ways to overcome them, taking inspiration from PKI (SSL, TLS, X509, etc) and also from TUF, Notary and Docker Content of Trust.
Problem Statement: If an attacker is able to crack down a private key, they will be able to: 1) Impersonate us and therefore abuse our credibility in their favor, 2) Capture private communication. We can avoid number 2 by having a crypto channel that ensures Perfect Forward Secrecy, making the number 1 the issue the most pressing one.
In the IPFS context, if an attacker could 1) impersonate us, they would be able to: a) publish content as if it was us, b) add provider records that point to a given peer, which could cause a DOS on that peer if a lot of peers try to contact it at the same time for Records that it doesn't even possess.
To illustrate the several problems and possible candidate solutions, I'll go through 3 different scenarios.
Single key-pair
This scenario is simple to illustrate. If we use the same key-pair for everything and if it gets compromised, then an attacker gets full privileges and there is no way other than accepting defeat and rebooting the whole node. Using the same key for everything increases the possibility for crypto analysis and side channel attacks
Multiple 'chained' key-pair (hopefully the right way to go)
In this scenario, we would create a chain of keys with different privileges, using the MerkleDAG data structure:
Multiple 'non chained' key-pair
Very similar to the above with the exception that the record-store-key-pair would not be signed by the id-key-pair, making it impossible to associate who created the record to who is providing it, enabling attackers that compromise the record-store-key-pair to add records to the network pointing to a peer that they do not control for DOS attacks.
Other notes:
The text was updated successfully, but these errors were encountered: